CVE-2025-6054

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

CVE-2025-6054

The CVE-2025-6054 entry concerns the WordPress YANewsflash plugin (versions ≤ 1.0.3) with a Cross-Site Request Forgery (CSRF) vulnerability stemming from missing/incorrect nonce validation on yanewsflash/yanewsflash.php. This CSRF can allow unauthenticated attackers to trigger actions on behalf o...

CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

PT-2025-30512 · WordPress · Yanewsflash

Name of the Vulnerable Software and Affected Versions: YANewsflash plugin for WordPress versions prior to 1.0.4 Description: The YANewsflash plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the yanewsflash/yanewsflash.php page. This...